2017 Global Vulnerability Management Market Leadership Award

Qualys continues to lead the market with new network coverage and security solutions that leverage its cloud-based platform for scalability, automation, and ease of use.

Highlights

Agent-based detection

In addition to our scanners, VM also works with the groundbreaking Qualys Cloud Agents, extending its network coverage to assets that can’t be scanned. The lightweight, all-purpose, self-updating agents reside on the assets they monitor— no scan windows, credentials, or firewall changes needed. Vulnerabilities are found faster, and network impact is minimal.

Constant monitoring and alerts

When VM is paired with Continuous Monitoring (CM), InfoSec teams are proactively alerted about potential threats so problems can be tackled before turning into breaches. You can tailor alerts and be notified about general changes or specific circumstances. CM gives you a hacker’s-eye view of your perimeter, acting as your cloud sentinel.

As enterprises adopt cloud computing, mobility, and other disruptive technologies for digital transformation, Qualys VM offers next-generation vulnerability management for these hybrid IT environments whose traditional boundaries have been blurred. With its fast deployment, low TCO, unparalleled accuracy, robust scalability, and extensibility, Qualys VM is relied upon by thousands of organizations throughout the world.

Discover forgotten devices and organize your host assets

With Qualys, you can quickly determine what’s actually running in the different parts of your network—from your perimeter and corporate network to virtualized machines and cloud services such as Amazon EC2. Uncover unexpected access points, web servers and other devices that can leave your network open to attack.

Visually map your network with our graphical host map

Prioritize your remediation by assigning a business impact to each asset

Identify which OS, ports, services and certificates are on each device on your network

Organize hosts to match the structure of your business—e.g., by location, region, and company department

Dynamically tag assets to automatically categorize hosts by attributes like network address, open ports, OS, software installed, and vulnerabilities found

Scan for vulnerabilities everywhere, accurately and efficiently

Scan systems anywhere from the same console: your perimeter, your internal network, and cloud environments (such as Amazon EC2). Since Qualys separates scanning from reporting, you can scan deeply and then create custom reports showing each audience just the level of detail it needs to see.

Examine your network’s vulnerabilities over time, at different levels of detail, instead of just single snapshots

Predict which hosts are at risk for Zero-Day Attacks with the optional Qualys Zero-Day Risk Analyzer

Remediate vulnerabilities

Qualys tracks the disposition of each vulnerability on each host over time. This helps you document the actions taken in response to each vulnerability and monitor the effectiveness of your remediation efforts.

Automatically generate and assign remediation tickets whenever vulnerabilities are found

Get consolidated reports of which hosts need which patches

Integrate with third-party IT ticketing systems

Manage exceptions when a vulnerability might be riskier to fix than to leave alone

Exceptions can be set to automatically expire after a period of time for later review

Custom reports anytime, anywhere — without rescanning

Qualys’ ability to track vulnerability data across hosts and time lets you use reports interactively to better understand the security of your network. Use a library of built-in reports, change what’s shown or choose different sets of assets — all without having to rescan. Reports can be generated on demand or scheduled automatically and then shared with the appropriate recipients online, in PDF or CSV.

Create different reports for different audiences—from scorecards for executives, to detailed drill-downs for IT teams

Document that policies are followed & lapses get fixed

Provide context & insight about each vulnerability, including trends, predictions, and potential solutions

Use new search filters to quickly build queries, so you don’t have to type up long queries in the search box

Replace current reports with live widgets, and enjoy benefits like finding where a CVE is across your environment very quickly without having to run a report

Powered by the Qualys Cloud Platform

Single-pane-of-glass UI

See the results in one place, in seconds. With AssetView, security and compliance pros and managers get a complete and continuously updated view of all of their IT assets — from a single dashboard interface. Its fully customizable and lets you see the big picture, drill down into details, and generate reports for teammates and auditors. Its intuitive and easy-to-build dynamic dashboards aggregate and correlate all of your IT security and compliance data in one place from all the various Qualys Cloud Apps. With its powerful elastic search clusters, you can now search for any asset – on-premises, endpoints and all clouds – with 2-second visibility.

Deploy from a public or private cloud — fully managed by Qualys. With Qualys, there are no servers to provision, no software to install, and no databases to maintain. You always have the latest Qualys features available through your browser, without setting up special client software or VPN connections.

Scalable and extensible

Scale up globally, on demand. Integrate with other systems via extensible XML-based APIs. You can use Qualys with a broad range of security and compliance systems, such as GRC, ticketing systems, SIEM, ERM, and IDS.